0. install
sudo apt-get install libpam-pwdfile vsftpd apache2-utils
/usr/sbin/vsftpd

1. Edit /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/ftp/data
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
ftpd_banner=Welcome to Kandao Tech Ltd.

xferlog_enable=YES
xferlog_std_format=YES
xferlog_file=/var/log/xferlog
dual_log_enable=YES
vsftpd_log_file=/var/log/vsftpd.log

#virutal user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd

2. Edit /etc/pam.d/vsftpd
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

3. Add a system user for virtual users
useradd –home /home/vsftd –gid nogroup -m –shell /bin/false vsftpd

4. Create virtual users
mkdir /etc/vsftpd
htpasswd -d /etc/vsftpd/ftpd.passwd pub (passpub)
5. Create user conf file
mkdir /etc/vsftpd_user_conf

echo “local_root=/ftp/data/pub”>/etc/vsftpd_user_conf/pub
6. Make user directory
mkdir /ftp/data/pub; chown vsftpd:nogroup /ftp/data/pub

7. retart vsftpd
service vsftpd restart
or /usr/sbin/vsftpd

8. ssl support
1) check whether vsftpd support ssl:
ldd /usr/sbin/vsftpd |grep libssl
2) generate cert
openssl req -x509 -nodes -days 365 -newkey rsa:1024 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
3) edit conf:
vi /etc/vsftpd/vsftpd.conf
add following lines:

ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem

3) restart: service vsftpd restart